UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 09/552,345
FILING DATE: 04/19/2000
FIRST NAMED INVENTOR: Eugene Amdur
ATTORNEY DOCKET NO.: DSC-001
CONFIRMATION NO.: 3244

7733 7590 07/28/2005
WALKER & JOCKE, L.P.A.
231 SOUTH BROADWAY STREET
MEDINA, OH 44256

EXAMINER: TRAN, ELLEN C
ART UNIT: 2134
PAPER NUMBER:

DATE MAILED: 07/28/2005



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 




Office Action Summary

Application No.: 09/552,345
Applicant(s): AMDUR ET AL
Examiner: Ellen C. Tran
Art Unit: 2134





-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 06 May 2005.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 25-30, 45, 54 and 55 is/are pending in the application.
4a) Of the above claim(s) ____ is/are withdrawn from consideration.
5) [ ] Claim(s) ____ is/are allowed.
6) [X] Claim(s) 25-30, 45, 54, and 55 is/are rejected.
7) [ ] Claim(s) ____ is/are objected to.
8) [ ] Claim(s) ____ are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.
10) [ ] The drawing(s) filed on ____ is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:
1. [ ] Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No. ____.
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

Attachment(s)

1) [ ] Notice of References Cited (PTO-892)
2) [X] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) [ ] Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08)
Paper No(s)/Mail Date ____.
4) [ ] Interview Summary (PTO-413)
Paper No(s)/Mail Date ____.
5) [ ] Notice of Informal Patent Application (PTO-152)
6) [ ] Other: ____.



U.S. Patent and Trademark Office

PTOL-326(Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 20050723 



Application/Control Number: 09/552,345 Page 2 

Art Unit: 2134 

DETAILED ACTION 

1. This action is responsive to communication: amendment filed 6 May 2005 with 
recognition of a filing date of 19 April 2000. 

2. Claims 25-30, 45, 54, and 55 are currently pending in this application. Claims 25, 29, 
and 54 are independent claims. Claims 29 and 40 were amended to correct spelling error. 
Claims 1-24, 31-44, 46-53, 56-63 are withdrawn. 

Response to Arguments 

3. Applicant's arguments with respect to claims 25-30, 45, 54, and 55 have been considered 
but they are not found persuasive. 

With respect to applicant's argument on page 24, "In comparison, the disclosure of the
'419 reference describes the use of decision trees to define access rules for a firewall . . . The
approach of the '419 reference is therefore submitted to be quite different from that recited in the
claims, which represents access policies in a decision tree manner at the grid GUI level". The
Office disagrees; in the application the following is claimed in the independent claim: "the
method comprising the steps of displaying, on a computer display unit, a grid having nodes, laid
out on a first and on a second axis displaying, on the grid, unit user labels corresponding to the
user data, each user label labeling nodes aligned relative to the first axis on the grid and
displaying on the grid resource labels . . . each resource label labeling nodes aligned relative to
the second axis of the grid". Turning to reference '419 as recited in the previous Office Action as
well as below, see "FIGS. 6a-6d, 7, and 8"; the grid claimed is interpreted as the GUI shown.
Note a GUI has two axes; the alignment of objects to an axis is well known in the art when
designing computer programs to be displayed on a computer screen. In addition, it is also well
known in the art that there are many different ways to represent information. Take for example your
typical Excel spreadsheet: the program itself allows the user to decide which axis is x and which
is y as well as what information is to be displayed. Therefore any argument applicant directs
toward how information is displayed relative to axes is not persuasive. The reference was cited
because it shows a program that is utilized when designing a security policy. In addition, the
reference shows a representation for individuals as well as groups relative to a resource and/or
service.

As to applicant's argument on page 24, "with respect to claim 54, it is noted that the
claim expressly recites sets of defined users and of resources and services for a computer
network. The '419 reference is concerned with control of communication across a firewall and is
not generalized to deal with access of resources and services within a network as is set out in
claim 54". The Office disagrees; the claim states "the computer network comprising defined
users services and resources", which clearly has the same meaning as '419, which is a security policy
which defines access policies for various services and user programs. In addition to the below
Office Action see col. 3, line 66 through col. 4, line 20 "You can add a node to check for such
criteria as the time of day, whether the connection uses the appropriate authentication or
encryption, the user or groups initiating the connection request or the IP address or host of the
connection ... In one such embodiment, ACLs consist of all the required kernel code. This is all
the code that implements the rules themselves in the kernel including: ... Also included are the
system calls that the user level programs need to use the ACLs".

As to applicant's argument beginning on page 24 "In addition, claim 54 defines the step
of displaying nodes in a grid ... It is respectfully submitted that '419 reference teaches the
display of an access rule using a decision tree that is not defined by nodes in a grid". The Office
disagrees with the argument; '419 discusses "decision trees" when defining a security policy; however,
the "decision tree" is then incorporated onto the GUI which displays the policy rules. As
mentioned previously, note that a GUI has two axes; the alignment of objects to an axis is well
known in the art when designing computer programs to be displayed on a computer screen. In
addition, it is also well known in the art that there are many different ways to represent information.
Take for example your typical Excel spreadsheet: the program itself allows the user to decide
which axis is x and which is y as well as what information is to be displayed. Therefore any
argument applicant directs toward how information is displayed relative to axes is not
persuasive. The reference was cited because it shows a program that is utilized when designing a
security policy. In addition, the reference shows a representation for individuals as well as
groups relative to a resource and/or service.

As to applicant's arguments beginning on pages 25-27 "In contrast, the '419 reference has
no axis corresponding to user data . . . not by the location of the node in a grid arrangement ... in
which user labels are found on an axis in the grid . . . neither describes nor suggest the use of
business relationship tree data structure nor does it disclose the use of such structure to define
axis label . . . '419 reference does not specify a grid arrangement in which the location of the
nodes has a significance for access policies". The Office disagrees; the reference was cited
because it shows a program that is utilized when designing a security policy. In addition, the
reference shows a representation for individuals as well as groups relative to a resource and/or
service on a GUI, which inherently has two axes.

As to applicant's argument on page 28 "The '261 reference does not disclose or suggest
the use of grid arrangement for the display of access policies". The Office disagrees; '419
teaches the use of a GUI to display policy. The reference '261 was utilized because it shows the
design of the icon. In addition, '261 also has a GUI, which has the same meaning as the two
axes.

As to applicant's argument on page 28, "the '261 reference does not teach the use of an
access policy editor for defining nodes in a grid". The Office disagrees; '419 teaches
defining nodes in a grid, see below Office Action.

Claim Rejections - 35 USC §102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

5. Claims 25, 26, 27, 29, 54, and 55 are rejected under 35 U.S.C. 102(b) as being anticipated
by Flint et al. U.S. Patent No. 6,453,419 (hereinafter '419).

As to independent claim 54, "A method for displaying access policies for a security
service for a computer network" is taught in '419 col. 2, lines 6-13;

"the computer network comprising defined users" is shown in '419 col. 3,
lines 10-13;

"services and resources" is disclosed in '419 col. 4, lines 14-19;

"the method comprising the steps of displaying, on a computer display unit, a grid
having nodes, laid out on a first and on a second axis" is taught in '419 col. 2, lines 51-52 (the
first and second axis are inherent in a GUI);

"displaying, on the grid, unit user labels corresponding to the user data, each user
label labelling nodes aligned relative to the first axis of the grid, and" is shown in '419 col.
5, lines 29-31 (the alignment to first axis is inherent in a GUI);

"displaying on the grid resource labels corresponding to the services and resources
data, each resource label labelling nodes aligned relative to the second axis of the grid,
whereby the nodes in the grid correspond to access policies for the defined users and
defined services and resources for the computer network, corresponding to the user and
resource labels" is disclosed in '419 col. 6, lines 25-37.

As to dependent claim 55, this claim is directed to a program storage device performing 
the method of claim 54 and is therefore rejected along similar rationale. 

As to independent claim 25, this claim is directed to a graphical user interface of the 
method of independent claim 54 and is therefore rejected along similar rationale. 

As to dependent claim 26, "further comprising a user definition component for 
defining a business relationship tree data structure representing a set of the defined users 
and in which the user labels displayed by the graphical user interface correspond to the 
business relationship tree data structure" is taught in '419 col. 3, lines 31-47. 

As to dependent claim 27, "further comprising a resource definition component for
defining a resource tree data structure representing a set of the defined services and 
resources and in which the resource labels displayed by the graphical user interface 
correspond to the resource tree data structure" is shown in '419 col. 3, line 61 through col. 4, 
line 7. 

As to independent claim 29, "A graphical user interface" is disclosed in '419 col. 2, 
lines 51-52; 

"for a security service for a computer network" is taught in '419 col. 2, lines 6-13; 

"the computer network comprising defined users represented by a business 
relationship tree data structure" is shown in '419 col. 3, lines 31-47; 

"the computer network further comprising services and resources, represented by a 
resource tree data structure" is disclosed in '419 col. 6, lines 25-37; 

"the graphical user interface comprising display means for displaying a grid 
comprising nodes laid out on a first axis and on a second axis" is shown in '419 col. 2, lines 
51-52 (it is inherent in a GUI to have a first and second axis);

"user labels corresponding to the users in the business relationship tree data 
structure, each user label labelling nodes aligned relative to the first axis of the grid" is 
disclosed in '419 col. 5, lines 29-31; 

"and resource labels corresponding to the defined services and resources in the 
resource tree data structure, each resource label labelling nodes aligned relative to the 
second axis of the grid, the nodes in the grid corresponding to access policies for the 
defined users and defined services and resources, corresponding to the user and resource
labels" is taught in '419 col. 6, lines 25-37. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are
such that the subject matter as a whole would have been obvious at the time the invention was made to a person
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the
manner in which the invention was made.

7. Claims 28, 30, and 45 are rejected under 35 U.S.C. 103(a) as being unpatentable over
'419 in further view of Wiegel U.S. Patent No. 6,484,261 (hereinafter '261).

As to dependent claim 28, the following is not taught in '419 "further comprising an 
access policy editor for defining the nodes in the grid, the access policy editor comprising 
means for graphically assembling icons representing policy rules to define an access policy 
for a user-specified node" however '261 teaches "The administrator can define a security 
policy once and apply it to a plurality of network devices. To accomplish this, the administrator 
prepares a symbolic policy and saves it persistently using a unique name. The name of the 
policy and an icon representing the policy are displayed in a tree in a pane of a user interface 
generated by the mechanism. The physical network available to the administrator is displayed 
as a separate tree of icons that represent network objects. The administrator moves the mouse 
cursor to the previously defined policy, clicks and holds down a mouse button, and drags the 
icon representing the policy over an icon representing a network object. When the 
administrator releases the mouse button, the policy is applied to the network object. In this 
manner, policies can be dragged and applied to NT domains, users, groups, individual
machines, or to arbitrary groups of machines residing in defined physical or logical networks"
in col. 14, lines 36-52. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify a security service for a computer network taught in '419 to include a means 
to graphically design the user interface. One of ordinary skill in the art would have been 
motivated to perform such a modification to customize the display screen and therefore increase 
user flexibility see '261 col. 4, lines 38-44 "There is also a need for a way to construct a 
representation of a network security policy in which the representation is easily correlated with 
the policy. There is a particular need for such a mechanism that does not require the 
administrator to have knowledge about low-level network protocol details and about the 
particular network protocols that are used by application programs". 

As to dependent claim 30, "the grid comprising inheriting nodes and defining nodes, 
the defining nodes corresponding to access policies expressly defined by a policy manager, 
the graphical user interface further comprising means for displaying inherited access 
policies for inheriting nodes in the grid by propagating access policies from the defining 
nodes in the grid across the inheriting nodes below the defining nodes in each of the 
business relationship tree data structure and the resource tree data structure" is shown in 
'261 col. 13, lines 37-50 "Thereafter, administrators can reference the network objects in the 
Networks tree 720 when developing security policies. For example, the administrator can 
prepare a security policy that accepts or rejects a data packet depending on whether the 
destination of the packet is the software engineering group 726, the marketing group 728, or one 
of the hosts 730 within a group. Accordingly, the security policies are kept simple because,
rather than incorporating the network-specific information, the security policies inherit 
knowledge about the network from the Networks tree 720. Further, a security policy may be 
attached to a group of objects rather than only to a single object". 

As to dependent claim 45, this claim is directed to a program storage device performing 
the method of claims 25, 26, and 30; therefore it is rejected along similar rationale. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as
set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to
expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed
within TWO MONTHS of the mailing date of this final action and the advisory action is not
mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened
statutory period will expire on the date the advisory action is mailed, and any extension fee
pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In
no event, however, will the statutory period for reply expire later than SIX MONTHS from the
mailing date of this final action.

8. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Ellen C Tran whose telephone number is 
(571) 272-3842. The examiner can normally be reached from 6:00 am to 1:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A Morse can be reached on (571) 272-3838. The fax phone number for the 
organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Ellen Tran 
Patent Examiner 
Technology Center 2134 
23 July 2005 